An Azure Active Directory (AAD) misconfiguration by Microsoft in one of its own cloud-hosted applications could have allowed miscreants to subvert the IT giant's Bing search engine – even changing search results. User information including Outlook emails, calendars, and Teams messages was also left vulnerable to potential theft …

  1. Steve Davies 3 Silver badge

    Another day, another MS cockup.

    Nothing new here. Move along now.

    1. Anonymous Coward

      Re: Another day, another MS cockup.

      Ecosystem too complicated/vague for ecosystem operational staff to use, and security reporting/audit tools either ineffective, or not used by the QA Team.

      1. druck Silver badge

        Re: Another day, another MS cockup.

        or no t used by the QA Team.


    2. Blazde

      Re: Another day, another MS cockup.

      Whoever's job it is to update Bing's 'best soundtracks' search result with Oscar winners still hasn't added the 2022 entry and the ceremony was nearly 3 weeks ago.

      Another cock up.

      1. yetanotheraoc Silver badge

        Re: Another day, another MS cockup.

        "the ceremony was nearly 3 weeks ago"

        The AI was trained more than 3 weeks ago, so it's not getting added soon.

  2. Anonymous Coward

    Sounds serious

    Did both Bing users notice?

    1. Anonymous Coward

      Re: Sounds serious

      Yes - they were the ones doing the research.

  3. Pascal Monett Silver badge

    "to reduce the risk of future misconfigurations"

    Because obviously Borkzilla cannot ignore that there will be future misconfigurations . . .

  4. Zippy´s Sausage Factory

    Average CEO response: "Look, we don't secure our systems because it's the job of the, like, police or something, to prosecute people who hack into our stuff. I mean otherwise what do we evade paying taxes for?"

  5. Hubert Cumberdale Silver badge

    I wish I could edit Bing's search results. They might get more useful.

  6. Mike 137 Silver badge

    "a single checkbox is all that separates an app from becoming 'multi-tenant'."

    That's the MS 'way forward'. Right across their products there's been progressive elimination of the often essential confirmation prompt, resulting in a single click launching an event without verification. This policy has clearly reached a point where it's becoming actually dangerous. Maybe they'll rethink? Probably not.

    1. donk1

      Re: "a single checkbox is all that separates an app from becoming 'multi-tenant'."

      The problem is

      a) With a GUI and a mindset that "administration is easy", people will tend to keep pressing submit and fill in the minimum to make the submit button work

      b) With a GUI, designers seem to always want to have a default for toggles like these. "Boss, what should the default be?"

      With a command line, --single_tenant and --multi-tenant and having to BUILD the command people first list the available options and then THINK about selecting the options they need.

      Also when people think about automating the process they already have the command to hand!

      I have always been of the opinion GUIs are GREAT for viewing (READ) not changing (WRITE).

